C# must have a bug

Printable View

Show 50 post(s) from this thread on one page

November 17th, 2008, 02:09 PM
TheCPUWizard

Re: C# must have a bug

Quote:

Originally Posted by MadHatter

sql injections can happen anywhere. you can write an SQL statement the same way, you can pass parameters to a sproc the same way. you can shoot your foot off the same way.

1) They can NOT happen "anywhere" they can only occur if you are dynamically building SQL Statements.

Therefore

a) The code you quoted CAN NOT have a SQL Injection Attach Exposure.

b) An application using exclusively stored procedures also CAN NOT BE WRITTEN such that the APPLICATION exposes the database to SQL Injection. [This does NOT preclude errors on the part of the DBA writing the stored procedures, but that is not done in the context of the Application or even (in 99.99% of the cases) in managed code of any language.
November 17th, 2008, 04:34 PM
TheCPUWizard

Re: C# must have a bug

Quote:

Originally Posted by MadHatter

they can happen anywhere refers to programmers ability to eff up code where ever they program, and not referring to a specific situation

No this is the C# forum, and the post in question is about LINQ and SQL Injections specifically. What other programmers can do in other situations is not the topic of discussion. And there is NO possibility of SQL Injection with LINQ-TO-SQL.

Quote:

Originally Posted by MadHatter

<snip> I know of many situations where you asserted false statements. </snip>

If I post something false, and become aware of it, it has always been my policy to go back and ANNOTATE the existing information directing the user to the correct information (not editing the thread to destroy integrity of the posts).

If I have missed any, then my apologies, and please feel free to point them out to me (not on this thread) so I can address them.
November 17th, 2008, 04:55 PM
Brad Jones

Re: C# must have a bug

Negative personal comments are a violation of this site's Acceptable Usage Policy. Please avoid them. Personal issues can be discussed in PMs or elsewhere, but not on the public forums.

Let's get back to the focus of the thread and keep it professional.

Please do not respond publicly to this post. Please stay on topic going forward.

Thanks all.

Brad!
Site Admin

Show 50 post(s) from this thread on one page